To modify the idea of root: Add a new user, and then set the user as root, so that we can login ssh to use the new user, this user only we know, this increased the difficulty of guessing, so the security of the VPS host further improved.
First, add users and set passwords
Useradd itbulucom
passwd itbulucom
Use Useradd to add users, passwd to the user to set a password, and then appear to add a password interface, we enter the password and then enter again.
New Admin user added
Second, set permissions
Vi/etc/ssh/sshd_config
You can use the VI command above to open sshd_config file modification configuration, find Permitrootlogin to change the parameter yes to No, and then save exit.
Third, restart SSH settings
#centos
/etc/init.d/sshd restart
#debian/ubuntu
/etc/init.d/ssh restart
According to our own system of different options to restart the SSH command, after the reboot we use root is not to log in, you must use the new set of itbulucom and set the password to be able to login ssh. You can try it if you don't believe it.
Additional prohibit root account direct login
First, create a new account
Useradd KWXGD
SSH to execute the above command, you can create an account named "KWXGD" that can be customized.
Second, set the account password
passwd KWXGD
Use the passwd command to set or modify the password for the appropriate account.
According to the diagram, set or modify the password need to fill out two times, the second for the effectiveness of the password, input completed after the car to confirm.
Third, do not allow root direct landing
1, modify the relevant documents
Vi/etc/ssh/sshd_config
SSH executes the above command and modifies the Sshd_config file
2. No root landing
Look for "#PermitRootLogin yes", remove the "#" in front, change the "yes" to "No" and save the file.
Four, the next landing
1, first use the new account "KWXGD" to the ordinary user landing.
2. To obtain root permissions, execute the following command in SSH
Su Root
You can get root permissions after you execute the above command and enter the root password.
A more secure approach is to disable the root account
The first step, we first SSH landing VPS.
Useradd Laozuo #添加用户名
passwd Laozuo #为laozuo用户名设置密码
Then you need to enter the password two times, you will see as shown in the figure.
Disable root account
The second step is that we need to set the prohibit root user, which requires compiling the file. We can operate through the VI command, but also through the WINSCP and other FTP software to download file editing.
Vi/etc/ssh/sshd_config
Like the previous setup port, compile the Sshd_config file and change the Yes to No in the Permitrootlogin
Modify Permitrootlogin
Save exit, restart Ssh:service sshd restart (centos)/service ssh restart (Debian)
The third step is to raise the right. Log in with our newly added username and then Su Root to give the new user the highest privileges of the root user.